Google ranks Gmail malware targets: Here's how your sector rates on malicious spam

Google's breakdown of Gmail customers who receive the most spam reveals that the real-estate sector is the prime target of emails with malicious attachments or links.
Written by Liam Tung, Contributing Writer

Google's figures show that real estate has been by far the sector most targeted by malware in Q1 2017.

Image: Google

Real-estate businesses receive 10 times more spam with malicious links or attachments than organizations in healthcare and sciences, according to Google's analysis of spam targeting G Suite users in the first quarter of 2017.

Google doesn't explain why real-estate businesses are being targeted, but the Boston division of the FBI in December warned of a dramatic surge in "business email compromise" fraud targeting businesses in the city, singling out real-estate agents as frequent targets.

It counted 370 victims in its division, with losses totaling $33m. Individual losses ranged from $500 to $5.9m.

Attackers also sent 4.3 times more malicious attachments and 6.2 times more phishing emails to corporate Gmail accounts than personal Gmail inboxes, according to Google. The report profiles targeted attacks against G Suite users across different sectors and countries.

Google says it wants to expose email attack trends to highlight notable differences between industries so that security pros can tailor defenses to these threats.

In slides from a presentation by Google's anti-fraud team at RSA this week, Google reveals that science-related firms in Germany receive 9.6 times more phishing emails than US counterparts.

Additionally, nonprofits are more than twice as likely to receive malware in email as businesses or government organizations. On the other hand, corporate inboxes are 3.2 times more likely to receive phishing email than educational organizations.

The company also highlights a spam attack on May 5 that attempted to spread the Locky file encrypting ransomware, which was often embedded in JavaScript files in ZIP attachments.

Locky spam was being blocked by Gmail on May 5 at a rate of 30 million messages per hour, up from 20 million per hour the day before. Security researchers reported an uptick in malicious JavaScript attachments early last year.

The Locky attack goes some way to explaining Google's recent move to block all JavaScript or .js attachments in Gmail.

Google's numbers also show that companies most targeted by spam in general are firms in the entertainment, IT, and housing sectors, while phishing attacks are far more likely for organizations in finance, arts and IT.


Nonprofits are much more likely to receive malware in email as businesses or government organizations

Image: Google

More on security

Editorial standards